scp without entering a password each time

scp without entering a password each time

Lets say you want to copy between two hosts host_src and remote_machine. host_src is the host where you would run  scp, ssh or rsyn, irrespective of the direction of the file copy.

  1. On host_src, run this command as the user that runs scp/ssh/rsync
    $ ssh-keygen -t rsa
    This will prompt for a passphrase. Just press the enter key.
    If you assign a password to the key, then you’ll need to enter it each time you scp. It will then generate a private key and a public key. ssh-keygen shows where it saved the public key. This is by default ~/.ssh/id_rsa.pub.
    Your public key has been saved in <your_home_dir>/.ssh/id_rsa.pub
  1. Copy the id_rsa.pub file to remote_machine by either ftp, scp, rsync or any other method.
  1. On remote_machine, login as the remote user which you plan to use when you run scp, sshor rsync.
  2. Append the contents of id_rsa.pub to ~/.ssh/authorized_keys
    $ cat id_rsa.pub >>~/.ssh/authorized_keys
    $ chmod 700 ~/.ssh/authorized_keys

If this file does not exists, then the above cat command will create it. Make sure you remove permission for others to read this file via chmod. If its a public key, why prevent others from reading this file? Probably, the owner of the key has distributed it to a few trusted users and has not placed any additional security measures to check if its really a trusted user.

Optional – allowing root to ssh:

  1. ssh by default does not allow root to log in. This has to be explicitly enabled on remote_machine. This can be done by editing /etc/ssh/sshd_config and changing the option of PermitRootLogin from no to yes.
  2. Don’t forget to restart sshd so that it reads the modified config file.
  3. Do this only if you want to use the root login.

That’s it. Now you can run scp, ssh and rsync on host_src connecting to remote_machine and it won’t prompt for the password. Note that this will still prompt for the password if you are running the commands on remote_machine connecting to host_src. You can reverse the steps above (generate the public key on remote_machine and copy it to host_src) and you have a two way setup ready!

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.